Imported Upstream version 2.5.1

[debian/amanda] / server-src / amoverview.pl.in

diff --git a/server-src/amoverview.pl.in b/server-src/amoverview.pl.in
index 25f1e07c888d89da0a77957c88c59d12114daf5e..9f4ce99b71864faa3abe4fe4321d6e62d8cb81c4 100644 (file)
--- a/server-src/amoverview.pl.in
+++ b/server-src/amoverview.pl.in
@@ -9,6 +9,7 @@ require 5.001;
 
 use FileHandle;
 use Getopt::Long;
+use Text::ParseWords;
 use Carp;
 use POSIX;
 
@@ -78,6 +79,15 @@ elsif($#ARGV > 0) {
   Usage();
 }
 
+#untaint user input $ARGV[0]
+
+if ($opt_config =~ /^([\w.-]+)$/) {          # $1 is untainted
+   $opt_config = $1;
+} else {
+    die "filename '$opt_config' has invalid characters.\n";
+}
+
+
 -d "$confdir/$opt_config" or
        die "$0: directory `$confdir/$opt_config' does not exist.\n";
 
@@ -111,11 +121,12 @@ my $fh = new FileHandle "$amadmin $opt_config find|" or
     die "$0: error in opening `$amadmin $opt_config find' pipe: $!\n";
 <$fh>;
 while (<$fh>) {
+print "'$_'\n";
     chomp;
     next if /found Amanda directory/;
     next if /skipping cruft directory/;
     next if /skip-incr/;
-    ($date, $host, $disk, $level, $tape, $file, $status) = split ' ', $_;
+    ($date, $host, $disk, $level, $tape, $file, $part, $status) = quotewords(" ", 0, $_);
     next if $date eq 'date';
     next if $date eq 'Warning:';
     next if $date eq 'Scanning';